Re: Extreme Networks password hash

[Marco Ivaldi <raptor () mediaservice net>]

Alexander,

On Thu, 17 Apr 2008, Alexander Sandstr?m Krantz A wrote:

> Hi! I'm interested in finding out what kind of hash Extremeware (v 7.7) 
> uses to encrypt user passwords. The reason is that I'm trying to find 
> out how to perform a (dictionary or bruteforce) password attack against 
> an Extreme Networks switch. I could use Medusa or THC-Hydra to perform a 
> remote attack, but I would like to avoid it if it's not necessary 
> because of the performance drawbacks.

[snip]

> Does anyone know about the kind of hash used, or recognize the ones in 
> the configuration? If you do, would you happen to know any tool that can 
> perform an attack against this kind of hash?

They are FreeBSD-style MD5-based hashes, as implemented by most modern 
Linux distributions:

root@pandora:/opt/cracking/john_jumbo# cat /root/extreme.pwd
admin:$1$452tVo$nEbHpfJFTUGyBrqmtY8q3.
user:$1$yN/tVo$ARBcY8KlQBq.lvJg2nc5F.
root@pandora:/opt/cracking/john_jumbo# ./john /root/extreme.pwd
Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])
                 (admin)
                 (user)
guesses: 2  time: 0:00:00:00 100% (2)  c/s: 5180  trying:
root@pandora:/opt/cracking/john_jumbo# ./john -show /root/extreme.pwd
admin:
user:

2 password hashes cracked, 0 left

To crack them, just prepend them with the string "$1$" (see crypt(3) for 
more details) and run your favorite password cracker, such as John the 
Ripper:

http://www.openwall.com/john/

Ciao,

--
Marco Ivaldi, OPST
Red Team Coordinator      Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------